BlackBerry PDF parsing vulnerability
Last Updated: 2008-07-15 22:39:40 UTC
by Maarten Van Horenbeeck (Version: 1)
Francois wrote in today pointing us to a vulnerability recently discovered in the BlackBerry attachment service. This service parses documents in various file formats, including PDF, and encodes them in a format readable for the BlackBerry handheld device. Most vulnerabilities that have affected the BlackBerry Enterprise platform have been situated in this service, as it needs to be able to parse a wide number of different files, increasing the risk of software vulnerabilities, particularly heap overflows.
Early 2006, for example, a vulnerability in the service affected the parsing of TIFF files. While it's hardly ever adhered to, many hardening guidelines for BlackBerry, including those issued by Australia's DSD, recommend installing the attachment service on a separate machine within a clean and screened subnet. By only allowing files into the service and the resulting datastream out, the impact of a compromise can be controlled.
This vulnerability is interesting as it is one of those cases where it appears the BlackBerry, which opens a file, may be at risk, but what is really exposed in the enterprise setup housed in the centre of the corporate network. Users of the BlackBerry Enterprise Server (BES) can read up on the risk and countermeasures here.